Many PDA users want E-mail access to business networks, but IT security administrators don't want the PDA security risks. Without help from third-party vendors, BlackBerrys and Palms would remain nifty calendars and address books for many users, rather than the laptop substitutes they're meant to be.
"PDA users roam a lot more than laptop users, so their systems are twice as likely to be corrupted, lost, or stolen," says Nick Magliato, CEO at Trust Digital, a provider of PDA security products. "That's why there's a higher need for security on PDAs than there is for laptops and PCs."
The Department of Veterans Affairs' National Cardiovascular Care Improvement Program recognized this risk last year when it moved nurses at its 44 cardiac centers from laptops to Palm PDAs. Before, during, and after surgeries, nurses use the PDAs to gather about 200 pieces of information on each patient's medical history and current medical condition.
The move to PDAs wasn't a huge change since the devices could use the same software as the agency's desktops and laptops. Nurses work at desktop systems when they're not in the operating room and synchronize data between the two systems.
The Health Insurance Portability and Accountability Act and other regulations had forced the cardiovascular care unit to pay attention to security even before the PDAs were deployed. IT managers determined that they needed to block Wi-Fi and Bluetooth access and encrypt 17 data types in order to comply with privacy and security requirements. It went with security software from Trust Digital, which "has features I didn't even know I wanted but found out I needed," says Tamara Box, an independent contractor working as the Internet development manager at the VA's Cardiovascular Outcomes Research unit.
Data can be encrypted on an application basis using Trust Digital and requires app-level passwords, which is useful since multiple nurses may share the same PDA but don't need access to the same information, Box says. Policy-based administration lets Box choose different standards for different apps.
Not every PDA-using organization is securing its handhelds as effectively. In a recent survey conducted by security vendor nCipher Inc., 54% of 237 IT managers and security administrators say they don't know when they'll deploy or have no plans to deploy the 802.1x PDA security standard.
Companies should deploy authentication and encrypt data at the device level, says Ray Wagner, an analyst at Gartner. "Information on the PDA is no different than what's on a laptop," he says. "And people are carrying them around and losing them all the time."
Besides Trust Digital, Credant Technologies and Pointsec provide security products specifically for PDAs. Trust Digital focuses on securing data while it resides on the PDA. It doesn't try to protect PCs and laptops like bigger vendors.
Pointsec provides user-transparent encryption that ensures enforceable, automatic mobile security practices so all data is protected without requiring user intervention. Pointsec supports every major operating system for PCs, PDAs, and smart phones, and secures all information stored on the mobile devices and on removable memory media with full-disk encryption.
Credant provides a comprehensive mobile security platform to secure notebooks, tablet PCs, PDAs, and smart phones from one management interface, while integrating with enterprise directories for centralized management of security. Administrators work from a Web-based console that lets them control all devices. An automated detection and control feature protects all devices accessing a network.